Ghostwire

CVE-2026-44324: free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single...

MEDIUM CVSS 6.5 Exploit Available

Published: May 8, 2026 | Last Modified: May 8, 2026

Description

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/free5gc/free5gc/security/advisories/GHSA-jqfc-gwj5-3w63
github.com/free5gc/free5gc/issues/920
github.com/free5gc/udr/pull/60
github.com/free5gc/udr/commit/8a1d3c63be99d378806d771f086ff32f1867da99
github.com/advisories/GHSA-jqfc-gwj5-3w63
www.tenable.com/cve/CVE-2026-44324
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-44324